Using cURL with wolfSSL and TLS 1.3

cURL is an open-source project that provides the command line tool, curl, for transferring data between client and server with URLs, powered by cURL’s library, libcurl. curl and libcurl both provide support for building SSL/TLS libraries, including wolfSSL! The latest version of cURL can be downloaded from https://github.com/curl/curl.

To build curl with wolfSSL, simply configure and install curl with:

$ ./configure --with-wolfssl --without-ssl
$ make && make install

Starting with version 7.52.0, curl provides TLS 1.3 support when built with a TLS library. TLS 1.3 protocol support is also currently available in the wolfSSL library. Since both curl and wolfSSL support TLS 1.3, curl can be compiled with the addition of wolfSSL to select the TLS 1.3 protocol.

Configuring wolfSSL and curl to implement TLS 1.3 is simple. To build curl and libcurl with wolfSSL, wolfSSL must first be configured with TLS 1.3 support.

To enable TLS 1.3 support in wolfSSL, compile and install wolfSSL with the “–enable-tls13” option:

$ ./configure --enable-tls13
$ make && make install

Then, build curl with TLS 1.3-enabled wolfSSL:

$ ./configure --with-wolfssl --without-ssl
$ make && make install

To test a TLS 1.3 connection with curl + wolfSSL, invoke curl with the –tlsv1.3 option on a server that supports TLS 1.3. For example:

$ curl --tlsv1.3 https://enabled.tls13.com/

A successful connection will return the HTML page downloaded from https://enabled.tls13.com/: